The default password length is usually 8 characters. In order to improve security longer, passwords can be enforced. Pluggable Authentication Module (PAM) is used for login authentication. We will make changes to the pam_cracklib module to control how the user authenticates.
1. Create backup then list contents of the tar file:
# tar -cvf backup.tar /etc/pam.d/system-auth /lib/security/* # tar -tf backup.tar
2. Open file /etc/pam.d/system-auth file with an editor such as vi. Inside the /etc/pam.d/system-auth file you will find line:
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type=
Replace the line with:
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=10
As you can see above, the default password length has been changed from 8 to 10 using the “minlen=10” option.
Make the changes carefully. If a change is made and the system becomes inaccessible, go into rescue mode and replace the files with the backup files previously created. Once the proper changes have been made to the system-auth file and everything is working as desired, a backup of the new system-auth should be made. If the authconfig command is used, it will overwrite the system-auth file. If a single digit number is used in the password, an extra character must be used in the password.